Adding internet security protocols to your risk register can be a simple process. Staff education is key, and our policies and templates can help you with this.
Securing Your Hardware
There are two things to look for in an internet security suite when protecting your computer, mobile devices and other hardware – antivirus protection and malware protection. A virus refers to a piece of code that is capable of copying itself and corrupting your system (just like a cold or flu virus). Malware, short for malicious software, is software specifically designed to disrupt or damage your computer system. Either can find its way into your computer system via a dodgy email, an illegitimate download or a visit to a bad website. When determining which security system to use, check that it has protection against both viruses and malware.
Securing Your Home Network
For many small business owners, work doesn’t stop as soon as you leave the office. Many connect their work and home systems to make it easier to go home and complete paperwork, rosters and the like after the work day ends. It might be that you take your tablet home and use your home Wi-Fi to connect to the internet. When choosing your security system, be sure to check that it includes Wi-Fi and network protection, to stop viruses or malware spreading from one system to another.
Protecting Your Website
Your website is one of the main ways hackers can get access to your server and data. When people talk about “hackers”, they’re generally referring to people who use their computer skills to break into computer systems. Their intent is generally to disrupt the system in some way.
There are, however, two types of hackers – white hat hackers and black hat hackers. White hat hackers are people who use their computer skills to hack a system on behalf of the system owner. For example, Microsoft, Apple or Google may employ a hacker to try and break into a new product they’re releasing, to search for vulnerabilities. Black hat hackers, on the other hand, use their skills for antisocial or criminal purposes.
It’s black hat hackers who might attempt to break into your website. There’s big money in hacking websites to access the server they’re stored on. Having this access allows a hacker to create an email address through your computer to send spam or malware to your contact list, or a contact list they’ve imported.
Tips for the Electrical Industry
There are several ways you can protect your website from outside attack:
Keep Software Up-To-Date
It may seem obvious, but it’s surprising how often websites are compromised due to an out-of-date plugin or operating system. These features are updated for a reason – either the product has been enhanced in some way with new features, or a vulnerability has been found and addressed. Most Content Management System (CMS) vendors will automatically send a message to all clients if something needs to be updated, so check your CMS regularly or subscribe to vendor emails.
Secure Your Error Messages
Be careful how much information you give away in your error messages. If you have a login form for your website, you need to consider how you communicate a failure during the login process. For example, if someone guesses the username correctly but the password is incorrect, a message that says “incorrect password” will tell the user that they have guessed your username correctly. They can then run a program to continually enter random passwords until they hit the right one. Instead, try to use a combination message, e.g. “Your username and/or password was incorrect”.
Update Your Passwords Regularly
To avoid being hacked, it’s a good idea to regularly update your passwords across all accounts and devices. Although this can be a lengthy process, a strong password is one of the easiest ways to secure your data and devices. We recommend using a random password generator to produce a random password containing lower and upper case letters, numbers, and symbols. This is the strongest type of password you can create, and it is the hardest to hack.
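A generator of the kind recommended above, as an added example rather than a tool supplied by this site. It draws from the operating system's secure random source and guarantees at least one lower case letter, upper case letter, number and symbol; the default length of 20 is an assumption.

```python
import secrets
import string

# The four character classes the article asks for.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def generate_password(length: int = 20) -> str:
    """Return a random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least 4 to fit one character per class")
    # One guaranteed character from each class...
    chars = [secrets.choice(cls) for cls in CLASSES]
    # ...then fill the remainder from the combined alphabet.
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def covers_all_classes(password: str) -> bool:
    """True if the password has at least one character from each class."""
    return all(any(c in cls for c in password) for cls in CLASSES)


if __name__ == "__main__":
    print(generate_password())
```
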
You might think it’s too hard to remember all of the complex passwords you’ve created for your accounts. Thankfully, new systems such as LastPass and 1Password can help. These systems remember the passwords for all of your accounts – all you have to do is create and memorise one complex password for your “Master Account”. Then, so long as you’re signed into the service, it will kick in and remember your passwords when you try to access any of your connected accounts.
Securing Your Data
Backing up your data is one of the best ways to combat viruses, hackers, hardware failures or damage to servers. Most organisations store their data in-house, in computers, phones, tablets or on a server. If any of these devices were to be compromised, through a hack, scam or even technology failure, your business’s livelihood could very well be lost. Thankfully, there are several cost-effective ways of backing up this type of locally stored data:
- USB Hard Drive. External hard drives are a great place to store data; the devices are generally compact, lightweight and portable. They are, however, limited in space. You can purchase cheap hard drives from roughly four gigabytes in size, to three terabytes in size.
- CD or DVD. Most computers are able to back up data to a CD or DVD disk. They’re typically much smaller than USB hard drives, but can come in handy for storing information about a particular project or customer.
- Local server. A server is a centralised device that can be securely accessed by computers on a network. Traditionally, business owners had to rely on server technology to connect computers in their office and store their data. This can be an expensive outlay for small business, especially when cost-effective cloud services are now available to do the same thing.
- Cloud services. There are a multitude of cloud companies that can provide pay-as-you-go cloud-based systems for storing your data, which means you do not have to outlay large amounts of cash on your own storage device or server. There are, however, certain things you need to be aware of with cloud services, in particular the location where your data is actually stored. Different countries have different laws about privacy, so don’t get caught out. Find out more in our Cloud Technology topic.
Staff Policies – Template
One way to protect your system is with a comprehensive Staff Internet Use policy. This type of policy outlines how your staff are allowed to use work-based internet services, such as hardware, software, cloud services, social media and mobile phones. Our Internet Usage Policy Template can help you draft a policy that suits your business’s needs. You should ensure that all new staff sign a copy of this policy on commencement. For any current staff, it is worth having a meeting about the new policy and getting them to sign a copy also.
How To Tell If You’ve Been Hacked
It’s important to know the signs of hacking. Not all hacks result in a major shutdown of your hardware or software. Some might simply add a toolbar on your web browser, or make your computer seem a little slow. You might be warned by a friend or colleague about emails being sent from your account, or your bank might call you to discuss strange activity on your account. Be aware of these signs – they should all raise a red flag.
What To Do If You’ve Been Hacked
The first thing to do if you think you’ve been hacked is change all of your passwords. Start with crucial accounts such as email and financial accounts, and then move on to other business and personal accounts. For crucial accounts – particularly financial accounts – it might also be worth changing your username.
Secondly, let your employees know. They might also become a victim, particularly if your hacker is using your email address. After you have communicated the issue with employees, consider the need to contact your vendors and suppliers.
Finally, if any customer data has been compromised in a hack, you must let your customers know. You may wish to obtain legal advice before you communicate the issue to your customers, to ensure the correct communication of the customers’ rights and your responsibilities or efforts to combat the problem.
Smart Online Services – Stay Smart Online, SCAMwatch and ACORN
Stay Smart Online is the Australian Government’s online safety and security website. It is a great resource for consumers and business owners. The website offers information on how everyone can stay safe online to protect personal and financial information. They also have an alert service and Facebook page that you can connect with. This is a great way to find out about scams and vulnerabilities as they happen. Stay Smart Online also offers a Small Business self-assessment tool designed to provide businesses with appropriate measures to improve online security.
SCAMwatch is a website run by the Australian Competition and Consumer Commission (ACCC). It provides information to consumers and businesses about how to recognise, report and avoid scams, both online and offline. Their reporting tool is the best way to inform people if you’ve been scammed. They also have a Twitter account which you can follow to stay one step ahead of scams.
ACORN stands for the Australian Cybercrime Online Reporting Network. ACORN is a national policing initiative of the Commonwealth, State and Territory governments. It allows the public to securely report instances of cybercrime. You can also report incidents of cybercrime if you are affected.